Could your organization be the next victim of a cyber attack? Few other technological advancements have been adopted by so many people in such a short period of time as the Internet of Things (IoT). Originally used by governments as a means of sharing information, IoT was first rolled out for mainstream commercial and consumer use in the early-to-mid 1990s. Just three decades later, it’s currently amassed 5.19 billion users globally— nearly two-thirds of the world’s population.
Defined as a global computer network enabling access to and communication with the world’s wealth of information, people, and devices, data industry expert Sean Mallon recently referred to IoT as “the most important development of the 21st century.”
The Dark Underbelly of IoT
While the Internet of Things has clearly transformed global communications, improved the speed and efficiency of information exchange for consumers and businesses alike, and impacted the fundamental way in which modern society interacts and operates, it has a dark side as well. This primarily takes the form of bad actors who capitalize on opportunities to use the technology for nefarious purposes.
Botnets
Take, for example, the use of botnets. Hackers infect these networks of private computers with malicious software. They then control the botnets remotely, directing each connected device to perform tasks without the network owners’ knowledge.
Within unsecured computers, bad actors can use botnets to deploy malware, steal personal information, and attack websites. For example, internet giants Cloudflare, Google, and Amazon Web Services narrowly avoided a disastrous attack in October 2023 when a botnet involving 20,000 computers attempted a record-large and unprecedented distributed denial-of-service (DDoS) attack on those three organizations’ websites and services.
Bad actors also use botnets as a key means of spreading misinformation. A real-life example of botnets proliferating in daily life and impacting a massive group of people was witnessed during the 2016 U.S. presidential election, when hackers used Twitter accounts to share inaccurate information that was made to appear factual and trustworthy in order to influence public opinion.
Malware
Malware– an umbrella term referring to any intrusive software that hackers develop to steal data and damage or destroy computers or systems– is yet another type of attack that can be perpetrated through IoT and any unsecured connected devices. It comes in various forms such as viruses, worms, spyware, adware, and ransomware.
Real-life examples of the threat posed by malware include what’s become known as “CovidLock,” a ransomware attack in 2020 that took advantage of people’s desire for more information on COVID to ultimately deny access to Android users’ devices unless they paid a “ransom” of US$100. In the business community, the famed “Emotet” virus in 2018 propagated financial theft of bank accounts and cryptocurrencies, resulting in damages of US$1 million to the city of Allentown, Pennsylvania and US$2 million to Chilean bank Consorcio. According to Statista, 5.5 billion malware attacks were detected globally in 2022. Experts fear that this number will only continue to grow worldwide with the proliferation of artificial intelligence (AI) tools.
Safeguard Your Company from IoT Cyber Threats
Given our global society’s ever-expanding use of the Internet of Things and connected devices, along with the growing sophistication of tools employed by hackers, is your organization adequately positioned to help prevent cyber attacks and the damage they can inflict on your company’s financial status, brand, and reputation?
All About IoT Security, an eLearning program from IEEE, is here to help you bolster your defense against this threat.
This online program recognizes that, as Internet devices and systems become increasingly commonplace in our interconnected and digitalized society, connected devices run the increasing risk of being targeted and abused as tools to facilitate other malicious activities.
Developed by IEEE Educational Activities with support from the IEEE Internet of Things Technical Community, this six-course program provides audience members with a broad overview of IoT security, starting with malware (botnet detection and malware analysis) followed by vulnerabilities, network monitoring, setting up of testbeds, and application of blockchain in IoT security.
Specifically, learners will receive instruction on challenges and opportunities in IoT security and how IoT botnets grow their networks as well as forensics of IoT malware, taxonomy when designing an IoT system for security purposes, and the application of blockchain to the IoT. The course program is ideal for engineers in the fields of product and design, communications systems, computers, software and security, artificial intelligence and machine learning.
Interested in access for yourself? To enroll in this course, visit the IEEE Learning Network.
Connect with an IEEE Content Specialist today to learn how to get access to this program for your organization today.
Resources
Petrosyan, Ani. (22 September 2023). Number of Internet and Social Media Users Worldwide as of July 2023. Statista.
Mallon, Sean. (14 May 2020). IoT is the Most Important Development of the 21st Century. SmartData Collective.
(5 December 2017). What is a Botnet?. Panda.
Temming, Maria. (20 November 2018). How Twitter Bots Get People to Spread Fake News. ScienceNews.
Starks, Tim and DiMolfetta, David. (11 October 2023). The Largest Cyberattack of its Kind Recently Happened. Here’s How. The Washington Post.
What is Malware? Cisco.
Privacy By Design. Deloitte.
(4 June 2021). 11 Real and Famous Cases of Malware Attacks. Gatefy.
Panduru, Diana. (9 August 2021). 10 Malware Examples: Most Famous And Devastating Cases In History. Attack Simulator.
Petrosyan, Ani. (31 August 2023). Malware – Statistics & Facts. Statista.
From healthcare to supply chains, the decentralized nature of blockchain has the potential to fundamentally restructure the way organizations do business. Once fully implemented, it will also make the internet far more secure against cyber attacks – and give users greater control over their personal data.
How Does Blockchain Make the Internet More Secure?
Centralized networks are often vulnerable to cyber attacks because they tend to have few IP addresses, which hackers can easily penetrate using relatively simple schemes such as phishing. Once in, cyber criminals can do extensive damage, as recently demonstrated by waves of ransomware attacks costing companies an average of $4.24 million USD. However, the decentralized nature of blockchain presents a possible solution, as these complicated networks are far more difficult for hackers to access.
“For those blockchain solutions utilizing proof of work validation methods (such as bitcoin), hackers have to gain control of a majority of nodes to compromise ledger transactions — something that is, by design, computationally expensive,” Robert Napoli, a business strategist who writes about cybersecurity and digital transformation, wrote in Forbes. “This computational cost can be extended to other types of operations in a security scheme, reducing the need for a trusted central authority.”
Transitioning internet domain name servers (IDNs), which link web browsers to websites, to the blockchain, for instance, would disperse resources “to multiple nodes, making it infeasible for hackers to control the database,” Napoli adds. He noted that blockchain can be secured even further with the help of artificial intelligence technology.
Blockchain, Decentralized Identity, and Digital Identity Wallets
Aside from making networks more secure, blockchain technology can also give users a decentralized online identity that shields their personal data against breaches. According to Deepak Gupta, a cyber security innovator, tech strategist, and cofounder of LoginRadius, writing in VentureBeat, a decentralized identity “is based on a trust framework for identity management. It allows users to generate and control their own digital identity without depending on a specific service provider.”
With a decentralized identity (DID), users have digital “identity wallets” that store proof of their identity in a single location, which they can use to grant or deny access to third parties on the network. Not only do identity wallets give users an easier, more secure way to share their information, they also give users greater power over their own data.
According to Gupta, authentication through decentralized identity and blockchain include the following steps:
-
- The identity wallet contains the user’s verified identity details, including their name, age, address, education, employment details, and financial data. This creates a foundation of trust and confirms the user is eligible for authentication.
- The decentralized identity feature uses the public key associated with the private key and publishes it onto a distributed ledger like blockchain.
- As the decentralized system delivers the public key to the blockchain, the identity wallet receives a unique decentralized identifier representing the user across the internet.
- The user shares this identifier with the service provider to get authentication.
- The service provider seeks the shared identifier in the blockchain. If and when this is found, the blockchain then sends matching data to the application. The user then completes authentication by adding a signature using a private key.
The service provider application verifies authentication, allowing the user to take action.
The decentralized nature of blockchain has the potential to revolutionize cyber security, but will also come with radical changes. Is your organization prepared to take on this complex technology?
Designing Blockchain Solutions
Get practical guidance for how to design a blockchain solution with the IEEE five-course program, A Step-by-Step Approach to Designing Blockchain Solutions. Developed by experts, this course program recaps the basics of the technology; the expected benefits of a blockchain solution; how a solution would benefit a prospect company; and more.
Contact an IEEE Account Specialist to learn more about how this program can benefit your organization.
Interested in getting access for yourself? Visit the IEEE Learning Network (ILN) today!
Resources
Gupta, Deepak. (5 March 2022). Decentralized identity using blockchain. VentureBeat.
Napoli, Robert. (4 March 2022). How Blockchain Could Revolutionize Cybersecurity. Forbes.